I found a new functionality on the wpa_supplicant master branch.

http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=a5d44ac0839358f25c4586de58b4125a21e2c7b6
http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=569ccf719f794d5df243f86892668995ab6d3868
http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=db13605816d4ab1e15a05129e3f30316dffad67a

If we port this patch, we can do EAP-SIM/AKA/AKA' without pcsc_func.c
modification.

Indeed this patch is not included in wpa_supplicant in Android.
But this patch will be added in a future release.

So I think backporting this patch and using it is a better solution.

Regards,
Masashi Honma.

2013/9/30 Shao-Hang Kao <s...@mozilla.com>:
> cc mvines,
>
> we proposed another architecture without patching wpa_supplicant but require
> 3 RIL requests which may not be supported on all devices:
>
> // UICC Secure Access
> this.REQUEST_SIM_OPEN_CHANNEL = 121;
> this.REQUEST_SIM_CLOSE_CHANNEL = 122;
> this.REQUEST_SIM_ACCESS_CHANNEL = 123;
>
> any suggestions?
>
> Best Regards,
> S.H. Kao
> Software Engineer, Mozilla Taiwan
>
> ----- Original Message -----
> From: "Shao-Hang Kao" <s...@mozilla.com>
> To: dev-b2g@lists.mozilla.org
> Sent: Monday, September 30, 2013 6:26:24 PM
> Subject: Re: [b2g] EAP-SIM Architecture proposal
>
> Just tried SIM_ACCESS_CHANNEL on Inari and looks like it's not supported:
>
> I/Gecko ( 369): -*- RadioInterface[0]: Received message from worker:
> {"channel":0,"apdu":{"cla":0,"command":164,"p1":4,"p2":0,"p3":0},"rilMessageToken":342,"rilMessageType":"iccExchangeAPDU","rilRequestType":123,"rilRequestError":6,"error":"RequestNotSupported"}
>
> If it's impossible to implement SIM_OPEN/ACCESS/CLOSE_CHANNEL with SIM_IO
> then I think it may be almost impossible to implement EAP-SIM without a
> patch of wpa_supplicant.
>
> Best Regards,
> S.H. Kao
> Software Engineer, Mozilla Taiwan
>
> ----- Original Message -----
> From: s...@mozilla.com
> To: dev-b2g@lists.mozilla.org
> Sent: Friday, September 27, 2013 5:32:10 PM
> Subject: Re: [b2g] EAP-SIM Architecture proposal
>
> Hi,
>
> I'm proposing an alternative architecture without maintaining a patch over
> wpa_supplicant.
>
> Using a similar architecture to the project seek-for-android[1], we need a
> pcsc daemon (pcscd) from pcsc-lite running on B2G as a fake card reader so
> wpa_supplicant can communicate with it when EAP-SIM authentication is needed.
> With some modifications in pcscd we can implement these operations (as a
> SmartCardInterface) with 3 RIL requests: SIM_OPEN_CHANNEL, SIM_CLOSE_CHANNEL
> and SIM_ACCESS_CHANNEL, and redirect them to the chrome process via a unix domain
> socket. For the detailed visualization of this architecture please refer to
> [2].
>
> There are some potential problems:
> a. we need the 3 requests mentioned above but the target may not support them, so
> far we only know nexus-s has these implemented and are not sure about other
> devices. possible solution: use SIM_IO to implement them (reference: [3])
> b. we have to make sure the socket connection between pcscd & chrome process
> is secured, otherwise someone may pretend they're 'fake pcscd' to connect and
> access the sim card with open/close/access channel operations (pointed out by
> Yoshi Huang), possible solutions:
>     1. the domain socket will be opened with root privilege, so processes
> without root privilege can't access it and it's safe on devices not rooted.
> I'm not sure how secure we should achieve and have no idea if this is enough
> to solve this problem.
>     2. Furthermore, we can parse the APDU received with SIM_ACCESS_CHANNEL
> (in chrome process) and only allow EAP-SIM related commands to execute,
> basically they will be get imsi & authentication related commands (I'm not
> sure about the exact commands, need to do further tests)
>     3. maybe some challenge based protocols suggested by Henry Chang
>
> Any problems or suggestions are welcome, Thanks!
>
> S.H. Kao
>
> [1] http://code.google.com/p/seek-for-android/wiki/EapSimAka
> [2]
> https://docs.google.com/presentation/d/1CK6aKzw5jhAjNopqrmifGHDIgvJsfGP1bXmpwk-Z0aw/edit?usp=sharing
> [3] https://bugzilla.mozilla.org/show_bug.cgi?id=921320
> _______________________________________________
> dev-b2g mailing list
> dev-b2g@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-b2g
_______________________________________________
dev-b2g mailing list
dev-b2g@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-b2g
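
The APDU allowlist suggested in item 2 of the quoted proposal, sketched as an added example (not code from the thread, B2G or wpa_supplicant). The instruction bytes are the standard SIM/USIM values, but the allowed set, the file IDs, the `ApduFilter` name and the `data` field are assumptions; the thread leaves the exact command list open.

```javascript
// Added example, not B2G code. INS values are the standard SIM/USIM ones;
// the set EAP-SIM/AKA needs is an assumption (the thread leaves it open).
const INS = { SELECT: 0xa4, READ_BINARY: 0xb0, READ_RECORD: 0xb2,
              GET_RESPONSE: 0xc0, AUTHENTICATE: 0x88 };
// File IDs selectable by ID: MF, DF_GSM, EF_IMSI, EF_DIR.
const SELECTABLE = new Set(["3f00", "7f20", "6f07", "2f00"]);
const EF_IMSI = "6f07", EF_DIR = "2f00";

class ApduFilter {
  constructor() { this.selected = null; }   // last file selected on this channel

  // apdu has the shape seen in the log: {cla, command, p1, p2, p3};
  // `data` (hex string of the command body) is a hypothetical extra field.
  check(apdu) {
    const deny = (reason) => ({ allow: false, reason });
    const cla = apdu.cla & 0xfc;             // ignore logical-channel bits
    if (cla !== 0x00 && cla !== 0xa0) return deny("unexpected class byte");
    switch (apdu.command) {
      case INS.SELECT: {
        if (apdu.p1 === 0x04) { this.selected = "adf"; break; }  // select by AID
        const fid = String(apdu.data || "").toLowerCase();
        if (!SELECTABLE.has(fid)) return deny("file not on allowlist");
        this.selected = fid;   // optimistic; a full filter commits on status 9000
        break;
      }
      case INS.READ_BINARY:
        if (this.selected !== EF_IMSI) return deny("read outside EF_IMSI");
        break;
      case INS.READ_RECORD:
        if (this.selected !== EF_DIR) return deny("read outside EF_DIR");
        break;
      case INS.AUTHENTICATE:
        // 0x10 = 16-byte RAND (GSM); 0x22 = len+RAND+len+AUTN (UMTS AKA).
        if (apdu.p3 !== 0x10 && apdu.p3 !== 0x22) return deny("bad auth length");
        break;
      case INS.GET_RESPONSE:
        break;
      default:
        return deny("instruction not on allowlist");
    }
    return { allow: true };
  }
}
```

One filter instance is kept per open channel, so the selected-file state of one client cannot authorize reads for another.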